Specify ACCESS_ CONTROL_SETTINGS and a concrete subtype
Description
relates to
Activity
Ian McNicoll January 13, 2025 at 9:24 AM
There are a couple of examples of PDL at https://github.com/better-care/better-abac-server/tree/master/better-abac-server/src/main/resources/policies
I suggest you ask about this further on openEHR Discourse.
Mohammad Zawahra January 12, 2025 at 10:03 PMEdited
@Ian McNicoll thank you for replying,
It is very logical to handle access control outside the EHR, but when I read the Demographic IM and saw that even “Capability” are flexible and can be archetyped, I thought openEHR can have intrinisic policy language to be integrated with it.
One more thing, the link you attached states in the documentation Policies are created and updated within ABAC admin console and are written in Policy Definition Language (PDL). PDL has predefined policy functions to evaluate party relations and context variables. Is this PDL tailored only for better-abac-server or is it a well known language? Because after googling it i didn’t find solid documentation explaining it.
Thank you in advance.
Ian McNicoll January 9, 2025 at 2:29 PM
I doubt very much if this will ever progress. Most implementers now feel that handling access controls outside of the EHR is more appropriate, with openehr access rules based on AQL paths
Mohammad Zawahra January 8, 2025 at 9:11 PMEdited
Hi there, any update on this ?
In EHR information model, there’s many reference about security information model also, is there a future timeline or current draft of it. And is there any task that I can help in?
Thanks in advance.
Sebastian Iancu March 22, 2021 at 8:25 AM
Status 2021: Abstract type added to XML schemas Release 2.0.0; concrete subtype not yet, still open for suggestions.
EHR_ACCESS references an abstract type of ACCESS_CONTROL_SETTINGS but this is not specified. A subtype would also be beneficial along with an XML Schema.